<?php

include("../config.php");
include("filterzip.php");

$auth = null;
if (isset($_GET["auth"])) {
	$auth = htmlspecialchars($_GET["auth"]);
}
else if (isset($_POST["auth"])) {
	$auth = htmlspecialchars($_POST["auth"]);
}

if ($auth != $gconfig['auth']) {
	echo "Access Denied";
	exit;
}


if (isset($_POST["zip"])) {
	
	$query = "select * from gallery where name = '".$_POST["name"]."' and site_id = ".$_POST["site_id"];
	$galresult=mysql_query($query);
	$num=mysql_numrows($galresult);
	if ($num > 0) {
		echo "Warning:Exists";
		exit;
	}
	
	$query = "select name from site where id = ".$_POST["site_id"];
	$siteresult=mysql_query($query);
	$sitename=mysql_result($siteresult,0,"name");
	
	$imagedir = '../'.$gconfig['image-root'].'/'.$sitename;
	
	$downloadcommand = $gconfig['download-command'];
	$downloadcommand = str_replace("[quote]", "\"", $downloadcommand);
	$downloadcommand = str_replace("[location]", $imagedir, $downloadcommand);
	$downloadcommand = str_replace("[url]", $_POST["zip"], $downloadcommand);
	exec($downloadcommand);
	
	$imagedir = $imagedir.'/'.basename($_POST["zip"],'.zip');
	
	$zipfile = $imagedir.'.zip';
	
	if (!file_exists($zipfile)) {
		echo "Error:InvalidZipURL";
		exit;
	}
	
	$unzipcommand = $gconfig['unzip-command'];
	$unzipcommand = str_replace("[quote]", "\"", $unzipcommand);
	$unzipcommand = str_replace("[location]", $imagedir, $unzipcommand);
	$unzipcommand = str_replace("[file]", $zipfile, $unzipcommand);
	exec($unzipcommand);
	
	unlink($zipfile);
	
	$savedir = $sitename.'/'.basename($_POST["zip"],'.zip');
	
	$zipcontents = scandir($imagedir);
	if (count($zipcontents) == 3 && is_dir($imagedir.'/'.$zipcontents[2])) {
		$savedir = $savedir.'/'.$zipcontents[2];
		$imagedir = $imagedir.'/'.$zipcontents[2];
	}
	
	$zipcontents = scandir($imagedir);
	foreach ($zipcontents as $file) {
		if ($file != '.' && $file != '..' && is_dir($imagedir.'/'.$file)) {
			delete_directory($imagedir.'/'.$file);
		}
	}
	
	$filterconfig = parse_ini_file("filterzip.ini");
	if (isset($filterconfig[$sitename])) {
		filterzip($imagedir, $filterconfig[$sitename]);
	}
	
	$insert = "insert into gallery (`name`, `desc`, imagedir, site_id) values ('".$_POST["name"]."', '".$_POST["desc"]."', '".$savedir."', ".$_POST["site_id"].")";
	mysql_query($insert) or die(mysql_error());
	
	if (isset($_POST["script"])) {
		echo "Success";
		exit;
	}
}
else {
	echo "Error:NoZip";
	exit;
}



?>

<form method="post" action="new.php">
<table>
	<input type="hidden" name="auth" value="<?php echo $gconfig['auth']?>"/>
	
	<tr>
		<td>Name: </td>
		<td><input type="text" name="name"/></td>
	</tr>
	
	<tr>
		<td>Desc: </td>
		<td><input type="text" name="desc"/></td>
	</tr>
	
	<tr>
		<td>Site: </td>
		<td><input type="text" name="site_id"/></td>
	</tr>
	
	<tr>
		<td>Category: </td>
		<td><input type="text" name="cat_id"/></td>
	</tr>
	
	<tr>
		<td>Remote Zip: </td>
		<td><input type="text" name="zip"/></td>
	</tr>
	
	<tr>
		<td>Added: </td>
		<td><input type="text" name="added"/></td>
	</tr>

</table>
  <p>
    <input type="submit" value="Create">
  </p>
 </form>
 
 <?php 
mysql_close();
?>